Download
| Alert*
oval:org.secpod.oval:def:99585
libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:708878 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:1507501 [10.0.0-6.2.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [10.0.0-6.2.el9_4] - qemu: Fix migration with custom XML [10.0.0-6.1.el9_4] - Fix off-by-one error in udevListInterfacesByStatus - remote: check for negative array lengths before allocation oval:org.secpod.oval:def:1702238 An off-by-one error flaw was found in the udevListInterfacesByStatus function in libvirt when the number of interfaces exceeds the size of the 'names' array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of s ... oval:org.secpod.oval:def:708917 libvirt: Libvirt virtualization toolkit Details: USN-6734-1 fixed vulnerabilities in libvirt. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory Several security issues were fixed in libvirt. oval:org.secpod.oval:def:89051727 This update for libvirt fixes the following issues: * CVE-2024-2494: Add a check for negative array lengths before allocation to prevent potential DoS. * CVE-2024-2496: Fixed NULL pointer dereference in udevConnectListAllInterfaces . * CVE-2024-1441: Fix off-by-one error in udevListInterfacesByStat ... oval:org.secpod.oval:def:89051706 This update for libvirt fixes the following issues: * CVE-2024-2494: Fixed negative g_new0 length leading to unbounded memory allocation . oval:org.secpod.oval:def:509289 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fixes: libvirt: off-by-one error in udevListInterfacesByStatus libv ... oval:org.secpod.oval:def:89051704 This update for libvirt fixes the following issues: * CVE-2024-2494: Fixed negative g_new0 length can lead to unbounded memory allocation . oval:org.secpod.oval:def:89051715 This update for libvirt fixes the following issues: * CVE-2024-2494: Add a check for negative array lengths before allocation to prevent potential DoS. The following non-security bug was fixed: * Avoid memleak in virNodeDeviceGetPCIVPDDynamicCap . |